changeset 2743:915993144f20

Explicitly require basic auth config. Reviewed-by: jkang Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2017-August/024724.html
author Severin Gehwolf <sgehwolf@redhat.com>
date Tue, 29 Aug 2017 12:05:38 +0200
parents 75ca7e4f3226
children b1c3824710b9
files agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentConfigsUtils.java agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentProperties.java agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentStartupConfiguration.java agent/core/src/main/java/com/redhat/thermostat/agent/http/HttpRequestService.java agent/core/src/test/java/com/redhat/thermostat/agent/config/AgentConfigsUtilsTest.java agent/core/src/test/java/com/redhat/thermostat/agent/http/HttpRequestServiceTest.java distribution/config/agent.properties
diffstat 7 files changed, 84 insertions(+), 17 deletions(-) [+]
--- a/agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentConfigsUtils.java	Wed Aug 23 18:53:32 2017 +0200
+++ b/agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentConfigsUtils.java	Tue Aug 29 12:05:38 2017 +0200
@@ -93,15 +93,14 @@
         }
 
         Boolean keycloakEnabled = Boolean.valueOf(properties.getProperty(AgentProperties.KEYCLOAK_ENABLED.name()));
-        if (keycloakEnabled != null) {
-            configuration.setKeycloakEnabled(keycloakEnabled);
-
+        configuration.setKeycloakEnabled(keycloakEnabled);
+        if (keycloakEnabled) {
             configuration.setKeycloakRealm(properties.getProperty(AgentProperties.KEYCLOAK_REALM.name()));
             configuration.setKeycloakUrl(properties.getProperty(AgentProperties.KEYCLOAK_URL.name()));
             configuration.setKeycloakClient(properties.getProperty(AgentProperties.KEYCLOAK_CLIENT.name()));
-        } else {
-            configuration.setKeycloakEnabled(false);
         }
+        Boolean basicAuthEnabled = Boolean.valueOf(properties.getProperty(AgentProperties.BASIC_AUTH_ENABLED.name()));
+        configuration.setBasicAuthEnabled(basicAuthEnabled);
     }
 }
 
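Review bot: `Boolean.valueOf(properties.getProperty(...))` yields false for a missing key as well as for any value other than "true", so an agent.properties written before this change (no BASIC_AUTH_ENABLED line) now loads with basic auth off. The removed `else` branch in the HttpRequestService hunk of this same commit shows that basic auth used to be the fallback whenever Keycloak was disabled. I would distinguish an absent key from an explicit `false` here and log or reject the former at load time, so the operator sees it once at startup rather than as failing requests. The both-true case is also accepted silently even though Keycloak wins later; a one-line warning here would make that visible. Both locals can be primitive, e.g. `boolean basicAuthEnabled = Boolean.parseBoolean(...)`, which avoids the unboxing in `if (keycloakEnabled)`; the enclosing method starts above the hunk.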
--- a/agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentProperties.java	Wed Aug 23 18:53:32 2017 +0200
+++ b/agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentProperties.java	Tue Aug 29 12:05:38 2017 +0200
@@ -45,5 +45,6 @@
     KEYCLOAK_URL,
     KEYCLOAK_REALM,
     KEYCLOAK_CLIENT,
+    BASIC_AUTH_ENABLED,
 }
 
--- a/agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentStartupConfiguration.java	Wed Aug 23 18:53:32 2017 +0200
+++ b/agent/core/src/main/java/com/redhat/thermostat/agent/config/AgentStartupConfiguration.java	Tue Aug 29 12:05:38 2017 +0200
@@ -48,6 +48,7 @@
     private String keycloakUrl;
     private String keycloakRealm;
     private String keycloakClient;
+    private boolean basicAuthEnabled;
     
     AgentStartupConfiguration() {
     }
@@ -109,5 +110,13 @@
     public void setKeycloakRealm(String keycloakRealm) {
         this.keycloakRealm = keycloakRealm;
     }
+
+    public boolean isBasicAuthEnabled() {
+        return basicAuthEnabled;
+    }
+
+    public void setBasicAuthEnabled(boolean basicAuthEnabled) {
+        this.basicAuthEnabled = basicAuthEnabled;
+    }
 }
 
--- a/agent/core/src/main/java/com/redhat/thermostat/agent/http/HttpRequestService.java	Wed Aug 23 18:53:32 2017 +0200
+++ b/agent/core/src/main/java/com/redhat/thermostat/agent/http/HttpRequestService.java	Tue Aug 29 12:05:38 2017 +0200
@@ -133,9 +133,11 @@
         try {
             if (agentStartupConfiguration.isKeycloakEnabled()) {
                 request.header(HttpHeader.AUTHORIZATION.asString(), "Bearer " + getAccessToken());
-            } else {
+            } else if (agentStartupConfiguration.isBasicAuthEnabled()) {
                 request.header(HttpHeader.AUTHORIZATION.asString(),
                                getBasicAuthHeaderValue());
+            } else {
+                logger.warning("Neither KEYCLOAK_ENABLED=true nor BASIC_AUTH_ENABLED=true. Requests will probably fail.");
             }
             ContentResponse response =  request.send();
             int status = response.getStatus();
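Review bot: The new final `else` only logs and then falls through to `request.send()`, so with both flags false every request leaves the agent without an Authorization header and the warning is repeated per request. This state is known as soon as the configuration is loaded, so I would check it once at activation and have this branch fail the request instead of sending it, so payloads are not sent unauthenticated by accident. If unauthenticated operation is meant to be supported, a comment in the branch such as `// no auth configured: request is sent without credentials` would make that intent explicit. The `try` block and the method continue outside the hunk.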
--- a/agent/core/src/test/java/com/redhat/thermostat/agent/config/AgentConfigsUtilsTest.java	Wed Aug 23 18:53:32 2017 +0200
+++ b/agent/core/src/test/java/com/redhat/thermostat/agent/config/AgentConfigsUtilsTest.java	Tue Aug 29 12:05:38 2017 +0200
@@ -36,6 +36,9 @@
 
 package com.redhat.thermostat.agent.config;
 
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 import java.io.File;
 import java.io.IOException;
 import java.util.Properties;
@@ -98,6 +101,16 @@
         Assert.assertTrue(config.purge());
     }
     
+    @Test
+    public void testIsBasicAuthEnabled() throws InvalidConfigurationException, IOException {
+        Properties sysProps = createSystemProperties();
+        Properties userProps = createUserProperties();
+        setConfigs(sysProps, userProps);
+        AgentStartupConfiguration config = AgentConfigsUtils.createAgentConfigs();
+        assertTrue(config.isBasicAuthEnabled());
+        assertFalse(config.isKeycloakEnabled());
+    }
+    
     private Properties createSystemProperties(String configListenAddress) {
         return doCreateSystemProperties(configListenAddress);
     }
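Review bot: testIsBasicAuthEnabled covers only the fixture where BASIC_AUTH_ENABLED is "true"; the behaviour this commit introduces, that a missing key now means basic auth is off, has no test. A second case that loads properties without the key and checks `assertFalse(config.isBasicAuthEnabled())` would pin that default. The class already calls `Assert.assertTrue(...)` qualified, so the two static imports added at the top of the file mix styles.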
@@ -110,7 +123,8 @@
         Properties agentProperties = new Properties();
         agentProperties.setProperty("DB_URL", "http://5.6.7.8:9002/world");
         agentProperties.setProperty("SAVE_ON_EXIT", "false");
-        agentProperties.setProperty("CONFIG_LISTEN_ADDRESS", "24.24.24.24:24");
+        agentProperties.setProperty("BASIC_AUTH_ENABLED", "true");
+        agentProperties.setProperty("KEYCLOAK_ENABLED", "false");
         return agentProperties;
     }
     
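Review bot: This hunk drops `CONFIG_LISTEN_ADDRESS` from the properties fixture, which looks unrelated to the basic-auth change and is not mentioned in the commit message. If a test in this class relied on that value it now exercises a different path. If the removal is deliberate, it would be clearer as its own change or with a line in the description. The method header is outside the hunk, so I cannot tell from here which fixture builder this is.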
--- a/agent/core/src/test/java/com/redhat/thermostat/agent/http/HttpRequestServiceTest.java	Wed Aug 23 18:53:32 2017 +0200
+++ b/agent/core/src/test/java/com/redhat/thermostat/agent/http/HttpRequestServiceTest.java	Tue Aug 29 12:05:38 2017 +0200
@@ -109,7 +109,7 @@
 
     @Test
     public void testRequestWithoutKeycloak() throws Exception {
-        AgentStartupConfiguration configuration = createNoKeycloakConfig();
+        AgentStartupConfiguration configuration = createBasicAuthConfig();
 
         HttpRequestService service = createAndActivateRequestService(configuration);
 
@@ -177,7 +177,7 @@
 
     @Test
     public void testRequestWithNullPayload() throws Exception {
-        AgentStartupConfiguration configuration = createNoKeycloakConfig();
+        AgentStartupConfiguration configuration = createBasicAuthConfig();
 
         HttpRequestService service = createAndActivateRequestService(configuration);
 
@@ -193,8 +193,8 @@
     }
     
     @Test
-    public void verifyNoKeycloakDefaultsToAuthBasic() throws Exception {
-        AgentStartupConfiguration configuration = createNoKeycloakConfig();
+    public void verifyBasicAuthConfig() throws Exception {
+        AgentStartupConfiguration configuration = createBasicAuthConfig();
 
         HttpRequestService service = createAndActivateRequestService(configuration);
 
@@ -215,6 +215,29 @@
         verify(httpRequest).send();
     }
     
+    /**
+     * If no authentication settings are done, no authorization headers should
+     * get added.
+     * 
+     * @throws Exception
+     */
+    @Test
+    public void verifyNoAuthConfig() throws Exception {
+        AgentStartupConfiguration configuration = createNoAuthConfig();
+
+        HttpRequestService service = createAndActivateRequestService(configuration);
+
+        service.sendHttpRequest(null, GATEWAY_URI, com.redhat.thermostat.agent.http.HttpRequestService.Method.GET);
+
+        verify(client).newRequest(GATEWAY_URI);
+        verify(configuration).isKeycloakEnabled();
+        verify(configuration).isBasicAuthEnabled();
+
+        verify(httpRequest, times(0)).header(eq(HttpHeader.AUTHORIZATION.asString()), anyString());
+        verify(httpRequest).method(eq(HttpMethod.GET));
+        verify(httpRequest).send();
+    }
+    
     private String getDecodedUserPass(String userPassEncoded) throws IOException {
         @SuppressWarnings("restriction")
         byte[] decodedBytes = new sun.misc.BASE64Decoder().decodeBuffer(userPassEncoded);
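Review bot: In verifyNoAuthConfig, `verify(httpRequest, times(0)).header(...)` reads more directly as `verify(httpRequest, never()).header(...)`, assuming Mockito's `never` is or can be statically imported in this file. The Javadoc's bare `@throws Exception` carries no description and can be dropped, and "If no authentication settings are done" would read better as "If neither authentication mechanism is enabled". The test also does not check that the warning is logged, which is the only signal an operator gets in this configuration.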
@@ -235,7 +258,7 @@
         HttpClientCreator creator = mock(HttpClientCreator.class);
         HttpClientFacade getClient = setupHttpClient(creator, getContent);
         
-        AgentStartupConfiguration configuration = createNoKeycloakConfig();
+        AgentStartupConfiguration configuration = createBasicAuthConfig();
         ConfigCreator configCreator = mock(ConfigCreator.class);
         when(configCreator.create(any(CommonPaths.class))).thenReturn(configuration);
         HttpRequestService service = new HttpRequestService(creator, configCreator, credsCreator);
@@ -251,7 +274,7 @@
         HttpClientCreator creator = mock(HttpClientCreator.class);
         HttpClientFacade getClient = setupHttpClient(creator, getContent);
         
-        AgentStartupConfiguration configuration = createNoKeycloakConfig();
+        AgentStartupConfiguration configuration = createBasicAuthConfig();
         ConfigCreator configCreator = mock(ConfigCreator.class);
         when(configCreator.create(any(CommonPaths.class))).thenReturn(configuration);
         HttpRequestService service = new HttpRequestService(creator, configCreator, credsCreator);
@@ -281,15 +304,24 @@
     public void failureThrowsRequestFailedException() throws Exception {
         Request request = mock(Request.class);
         when(client.newRequest(any(URI.class))).thenReturn(request);
-        AgentStartupConfiguration configuration = createNoKeycloakConfig();
+        AgentStartupConfiguration configuration = createBasicAuthConfig();
         doThrow(IOException.class).when(request).send();
         HttpRequestService service = createAndActivateRequestService(configuration);
         service.sendHttpRequest("foo", GATEWAY_URI, com.redhat.thermostat.agent.http.HttpRequestService.Method.DELETE /*any valid method*/);
     }
 
-    private AgentStartupConfiguration createNoKeycloakConfig() {
+    private AgentStartupConfiguration createBasicAuthConfig() {
+        return createAuthConfig(true, false);
+    }
+    
+    private AgentStartupConfiguration createNoAuthConfig() {
+        return createAuthConfig(false, false);
+    }
+    
+    private AgentStartupConfiguration createAuthConfig(boolean isBasicAuthEnabled, boolean isKeycloakEnabled) {
         AgentStartupConfiguration configuration = mock(AgentStartupConfiguration.class);
-        when(configuration.isKeycloakEnabled()).thenReturn(false);
+        when(configuration.isKeycloakEnabled()).thenReturn(isKeycloakEnabled);
+        when(configuration.isBasicAuthEnabled()).thenReturn(isBasicAuthEnabled);
         return configuration;
     }
 
--- a/distribution/config/agent.properties	Wed Aug 23 18:53:32 2017 +0200
+++ b/distribution/config/agent.properties	Tue Aug 29 12:05:38 2017 +0200
@@ -2,8 +2,18 @@
 # or rather will purge the db
 SAVE_ON_EXIT=true
 
+# Keycloak configuration settings
+#
+# Set this to true in order to use Keycloak as the authentication
+# and authorization provider. If set to true BASIC authentication
+# will NOT be used.
+KEYCLOAK_ENABLED=false
 # Keycloak server URL used for authentication of http requests
-KEYCLOAK_ENABLED=false
 KEYCLOAK_URL=http://127.0.0.1:31000
 KEYCLOAK_REALM=thermostat
 KEYCLOAK_CLIENT=thermostat-web-client
+
+# Set to true if basic authentication shall be used for
+# HTTP requests. KEYCLOAK_ENABLED must be set to false as
+# that provider takes precedence.
+BASIC_AUTH_ENABLED=true
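Review bot: The new comments say which provider takes precedence but not what happens when both flags are false, or when BASIC_AUTH_ENABLED is absent from an older file. I would extend the last comment block with `# If both are false (or this key is missing), requests are sent` and `# without an Authorization header.` so the consequence sits next to the setting. Since basic authentication sends the credentials with every request, the comment could also remind operators to point the agent at an HTTPS endpoint when this is enabled.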